Blog Posts Tagged with "Cloud Security"

I agree that some apps can't be remediated in a short time span, others can't ever be fixed, and so on - for those exigencies a WAF is better than nothing. However, I would caution anyone against deciding that the wave of the future is to rely on the WAF or other network-based security device for application security...

The challenges of dealing with a completely connected, ubiquitously computable world are that data can be moved, stored, and used anywhere and that the infrastructure that moves that data around is less and less under your control. That's an interesting thing for information security professionals...

NBVP had around 40 industry collaborators survey close to 800 respondents to ascertain their key issues impacting cloud computing. Security remains the primary inhibitor to adoption with 55% of respondents identifying it as a concern, followed by regulatory compliance at 38% and vendor lock-in at 32%...

You cannot “stop attacks”, you can only alter the consequences of the attacks. You can stop attacks from succeeding sometimes, and minimize the impact on your organization, but the attacks will come no matter what. Further, the idea that “attacks” only fall into two categories, zero-day and patchable, is more nonsense...

“The most disturbing findings were the number of companies that report they have no way to track what data is being stored in the cloud, no process to manage access to that data (or plans to do so), and that management doesn’t know where enterprise data is stored. This should act as a wakeup call for organizations..."

I was interested to read recently a survey that was commissioned by the Cloud Alliance. What was key for the respondents? Data security and end-user privacy were paramount. One-quarter of survey respondents in organizations with more than 200 workers listed security and privacy as their primary concerns...

“If you’re moving information into the cloud, it just seems to me that all kinds of nasty activity could go on in there. I would take a Missouri approach and say, ‘prove it to me, show it to me,’ how it’s more secure,” said former director of intelligence, surveillance and reconnaissance for the Air Force...

So what is the single most valuable piece of technology that can push a development closer towards a NoOps methodology? I believe it's the adoption of cloud computing. While many of the security folks who read this blog are probably shaking their heads right about now, read on and let me convince you...

Some cloud vendors are engaged with IT and following a top down adoption approach while others are aiming for a more viral bottom up adoption. What issues do these different approaches raise and how do we navigate this path while ensuring agility and compliance?

There are numerous third parties and cloud providers around. A few have already achieved a dominant position, but a recent article highlighted that "others have opportunities to get into the act by offering more security and protection". So there you are, security can be a unique selling proposition...

"Migrating to the cloud is not an easy process but good preparation goes a long way toward making it easier. Many businesses do not have their internal systems in good shape in the first place so migrating them to the cloud in bad condition must be horrendous"...

EFF’s asked the court to return files lost when Megaupload was seized last January. Since then, we’ve been to court both for a hearing and a mediation and nothing has changed. The key problem: the government has failed to help third parties get access to their data. So we have no choice but to go back to court...

If you've chosen wisely, you environments across your public and private clouds are consistent. The big question is - how do we keep our environments consistent in the face of security requirements to push patches? The answers rely very heavily on automation and policy...

Purists were adamant that the Private Cloud was flawed and that it could not deliver the benefits of the Public Cloud. On the other hand organizations were highly skeptical of the Public Cloud, listing its shortcomings in terms of security, reliability, compliance and control...

I don’t want to see the main outcome of security and data breaches become lengthy litigation. If cloud security boils down to he who has the best law team, the direction of security will have an approach of least exposure to litigation versus Cyber threats. This does not settle with me as a valid security driver for improving security posture...

Portability is important not just across your various cloud providers but also internally. What are we talking about here? First is the acknowledgement that security isn't exclusively about the perimeter anymore. The move to cloud computing environments hastens this awareness...